Skip to content

Commit

Permalink
ROX-20757: add multi-arch builds to scanner pipeline.
Browse files Browse the repository at this point in the history
  • Loading branch information
@Stringy
Stringy committed Jul 19, 2024
1 parent 3ffc6e2 commit fdd68be
Showing 1 changed file with 256 additions and 10 deletions.
266 changes: 256 additions & 10 deletions .tekton/scanner-component-pipeline.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -110,7 +110,7 @@ spec:
value: $(tasks.clone-repository.results.commit)
- description: ""
name: JAVA_COMMUNITY_DEPENDENCIES
value: $(tasks.build-container.results.JAVA_COMMUNITY_DEPENDENCIES)
value: $(tasks.build-container-amd64.results.JAVA_COMMUNITY_DEPENDENCIES)

workspaces:
- name: git-auth
Expand Down Expand Up @@ -211,10 +211,10 @@ spec:
taskRef:
name: fetch-scanner-data-oci-ta

- name: build-container
- name: build-container-amd64
params:
- name: IMAGE
value: $(params.output-image-repo):$(tasks.determine-image-tag.results.IMAGE_TAG)
value: $(params.output-image-repo):$(tasks.determine-image-tag.results.IMAGE_TAG)-amd64
- name: DOCKERFILE
value: $(params.dockerfile)
- name: CONTEXT
Expand All @@ -236,6 +236,8 @@ spec:
value: $(tasks.fetch-scanner-data.results.SOURCE_ARTIFACT)
- name: CACHI2_ARTIFACT
value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT)
- name: PLATFORM
value: linux/amd64
taskRef:
params:
- name: name
Expand All @@ -250,13 +252,73 @@ spec:
operator: in
values: [ "true" ]

- name: apply-tags
- name: apply-tags-amd64
params:
- name: IMAGE
value: $(tasks.build-container.results.IMAGE_URL)
value: $(tasks.build-container-amd64.results.IMAGE_URL)
- name: ADDITIONAL_TAGS
value:
- konflux-$(params.revision)-amd64
runAfter:
- build-container
taskRef:
params:
- name: name
value: apply-tags
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-apply-tags:0.1@sha256:29add9a49a2281a3755a9b580d2b9c5cb110231b14cccf8ade2fd7895a9b4b4a
- name: kind
value: task
resolver: bundles

- name: build-container-s390x
params:
- name: IMAGE
value: $(params.output-image-repo):$(tasks.determine-image-tag.results.IMAGE_TAG)-s390x
- name: DOCKERFILE
value: $(params.dockerfile)
- name: CONTEXT
value: $(params.path-context)
- name: HERMETIC
value: $(params.hermetic)
- name: PREFETCH_INPUT
value: $(params.prefetch-input)
- name: IMAGE_EXPIRES_AFTER
value: $(params.image-expires-after)
- name: COMMIT_SHA
value: $(tasks.clone-repository.results.commit)
- name: TARGET_STAGE
value: $(params.build-target-stage)
- name: BUILD_ARGS
value:
- SCANNER_TAG=$(tasks.determine-image-tag.results.IMAGE_TAG)
- name: SOURCE_ARTIFACT
value: $(tasks.fetch-scanner-data.results.SOURCE_ARTIFACT)
- name: CACHI2_ARTIFACT
value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT)
- name: PLATFORM
value: linux/s390x
taskRef:
params:
- name: name
value: buildah-remote-oci-ta
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-buildah-remote-oci-ta:0.1
- name: kind
value: task
resolver: bundles
when:
- input: $(tasks.init.results.build)
operator: in
values: [ "true" ]

- name: apply-tags-s390x
params:
- name: IMAGE
value: $(tasks.build-container-s390x.results.IMAGE_URL)
- name: ADDITIONAL_TAGS
value:
- konflux-$(params.revision)
- konflux-$(params.revision)-s390x
runAfter:
- build-container
taskRef:
Expand All @@ -269,12 +331,196 @@ spec:
value: task
resolver: bundles

- name: build-container-ppc64le
params:
- name: IMAGE
value: $(params.output-image-repo):$(tasks.determine-image-tag.results.IMAGE_TAG)-ppc64le
- name: DOCKERFILE
value: $(params.dockerfile)
- name: CONTEXT
value: $(params.path-context)
- name: HERMETIC
value: $(params.hermetic)
- name: PREFETCH_INPUT
value: $(params.prefetch-input)
- name: IMAGE_EXPIRES_AFTER
value: $(params.image-expires-after)
- name: COMMIT_SHA
value: $(tasks.clone-repository.results.commit)
- name: TARGET_STAGE
value: $(params.build-target-stage)
- name: BUILD_ARGS
value:
- SCANNER_TAG=$(tasks.determine-image-tag.results.IMAGE_TAG)
- name: SOURCE_ARTIFACT
value: $(tasks.fetch-scanner-data.results.SOURCE_ARTIFACT)
- name: CACHI2_ARTIFACT
value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT)
- name: PLATFORM
value: linux/ppc64le
taskRef:
params:
- name: name
value: buildah-remote-oci-ta
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-buildah-remote-oci-ta:0.1
- name: kind
value: task
resolver: bundles
when:
- input: $(tasks.init.results.build)
operator: in
values: [ "true" ]

- name: apply-tags-ppc64le
params:
- name: IMAGE
value: $(tasks.build-container-ppc64le.results.IMAGE_URL)
- name: ADDITIONAL_TAGS
value:
- konflux-$(params.revision)-ppc64le
runAfter:
- build-container
taskRef:
params:
- name: name
value: apply-tags
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-apply-tags:0.1@sha256:29add9a49a2281a3755a9b580d2b9c5cb110231b14cccf8ade2fd7895a9b4b4a
- name: kind
value: task
resolver: bundles

- name: build-container-arm64
params:
- name: IMAGE
value: $(params.output-image-repo):$(tasks.determine-image-tag.results.IMAGE_TAG)-arm64
- name: DOCKERFILE
value: $(params.dockerfile)
- name: CONTEXT
value: $(params.path-context)
- name: HERMETIC
value: $(params.hermetic)
- name: PREFETCH_INPUT
value: $(params.prefetch-input)
- name: IMAGE_EXPIRES_AFTER
value: $(params.image-expires-after)
- name: COMMIT_SHA
value: $(tasks.clone-repository.results.commit)
- name: TARGET_STAGE
value: $(params.build-target-stage)
- name: BUILD_ARGS
value:
- SCANNER_TAG=$(tasks.determine-image-tag.results.IMAGE_TAG)
- name: SOURCE_ARTIFACT
value: $(tasks.fetch-scanner-data.results.SOURCE_ARTIFACT)
- name: CACHI2_ARTIFACT
value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT)
- name: PLATFORM
value: linux/arm64
taskRef:
params:
- name: name
value: buildah-remote-oci-ta
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-buildah-remote-oci-ta:0.1
- name: kind
value: task
resolver: bundles
when:
- input: $(tasks.init.results.build)
operator: in
values: [ "true" ]

- name: apply-tags-arm64
params:
- name: IMAGE
value: $(tasks.build-container-arm64.results.IMAGE_URL)
- name: ADDITIONAL_TAGS
value:
- konflux-$(params.revision)-arm64
runAfter:
- build-container
taskRef:
params:
- name: name
value: apply-tags
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-apply-tags:0.1@sha256:29add9a49a2281a3755a9b580d2b9c5cb110231b14cccf8ade2fd7895a9b4b4a
- name: kind
value: task
resolver: bundles

- name: build-container
params:
- name: IMAGE
value: $(params.output-image-repo):$(tasks.determine-image-tag.results.IMAGE_TAG)
- name: COMMIT_SHA
value: $(tasks.clone-repository.results.commit)
- name: IMAGES
value:
- $(tasks.build-container-amd64.results.IMAGE_URL)@$(tasks.build-container-amd64.results.IMAGE_DIGEST)
- $(tasks.build-container-s390x.results.IMAGE_URL)@$(tasks.build-container-s390x.results.IMAGE_DIGEST)
- $(tasks.build-container-ppc64le.results.IMAGE_URL)@$(tasks.build-container-ppc64le.results.IMAGE_DIGEST)
- $(tasks.build-container-arm64.results.IMAGE_URL)@$(tasks.build-container-arm64.results.IMAGE_DIGEST)
runAfter:
- build-container-amd64
- build-container-s390x
- build-container-ppc64le
- build-container-arm64
taskRef:
params:
- name: name
value: build-image-manifest
- name: bundle
value: quay.io/konflux-ci/tekton-catalog/task-build-image-manifest:0.1@sha256:fd0a0cf019621d6b577f1b9ab774bb1832f7cba61b4ceee2fd1bffc96895abf9
- name: kind
value: task
resolver: bundles
when:
- input: $(tasks.init.results.build)
operator: in
values:
- "true"

- name: build-container-konflux
params:
- name: IMAGE
value: $(params.output-image-repo):konflux-$(params.revision)
- name: COMMIT_SHA
value: $(tasks.clone-repository.results.commit)
- name: IMAGES
value:
- $(params.output-image-repo):konflux-$(params.revision)-amd64
- $(params.output-image-repo):konflux-$(params.revision)-s390x
- $(params.output-image-repo):konflux-$(params.revision)-ppc64le
- $(params.output-image-repo):konflux-$(params.revision)-arm64
runAfter:
- apply-tags-amd64
- apply-tags-s390x
- apply-tags-ppc64le
- apply-tags-arm64
taskRef:
params:
- name: name
value: build-image-manifest
- name: bundle
value: quay.io/konflux-ci/tekton-catalog/task-build-image-manifest:0.1@sha256:fd0a0cf019621d6b577f1b9ab774bb1832f7cba61b4ceee2fd1bffc96895abf9
- name: kind
value: task
resolver: bundles
when:
- input: $(tasks.init.results.build)
operator: in
values:
- "true"

- name: build-source-image
params:
- name: BINARY_IMAGE
value: $(tasks.build-container.results.IMAGE_URL)
- name: BASE_IMAGES
value: $(tasks.build-container.results.BASE_IMAGES_DIGESTS)
value: $(tasks.build-container-amd64.results.BASE_IMAGES_DIGESTS)
- name: SOURCE_ARTIFACT
value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT)
- name: CACHI2_ARTIFACT
Expand All @@ -299,11 +545,11 @@ spec:
- name: deprecated-base-image-check
params:
- name: BASE_IMAGES_DIGESTS
value: $(tasks.build-container.results.BASE_IMAGES_DIGESTS)
value: $(tasks.build-container-amd64.results.BASE_IMAGES_DIGESTS)
- name: IMAGE_URL
value: $(tasks.build-container.results.IMAGE_URL)
value: $(tasks.build-container-amd64.results.IMAGE_URL)
- name: IMAGE_DIGEST
value: $(tasks.build-container.results.IMAGE_DIGEST)
value: $(tasks.build-container-amd64.results.IMAGE_DIGEST)
taskRef:
params:
- name: name
Expand Down

0 comments on commit fdd68be

Please sign in to comment.