Skip to content

Commit

Permalink
feat(RELEASE-400): incorporate check-data-keys task in release pipelines
Browse files Browse the repository at this point in the history 
This commit adds the check-data-keys task into the
release pipelines to ensure validation of required data keys.

Signed-off-by: Sean Conroy <sconroy@redhat.com>
  • Loading branch information
@seanconroy2021
seanconroy2021 committed Dec 4, 2024
1 parent 070946e commit fd07115
Show file tree
Hide file tree
Showing 13 changed files with 202 additions and 18 deletions.
3 changes: 3 additions & 0 deletions pipelines/fbc-release/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,9 @@ Tekton release pipeline to interact with FBC Pipeline
| taskGitUrl | The url to the git repo where the release-service-catalog tasks to be used are stored | Yes | https://github.com/konflux-ci/release-service-catalog.git |
| taskGitRevision | The revision in the taskGitUrl repo to be used | No | - |

## Changes in 4.1.0
* Implement the `check-data-keys` task to validate the `data.json` file using the JSON schema.

## Changes in 4.0.2
* Drop the `binaryImage` param from the task `add-fbc-contribution-to-index-image`, so IIB can auto resolve it.

Expand Down
26 changes: 25 additions & 1 deletion pipelines/fbc-release/fbc-release.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ kind: Pipeline
metadata:
name: fbc-release
labels:
app.kubernetes.io/version: "4.0.2"
app.kubernetes.io/version: "4.1.0"
annotations:
tekton.dev/pipelines.minVersion: "0.12.1"
tekton.dev/tags: release
Expand Down Expand Up @@ -122,6 +122,30 @@ spec:
workspace: release-workspace
runAfter:
- verify-access-to-resources
- name: check-data-keys
params:
- name: dataPath
value: "$(tasks.collect-data.results.data)"
- name: schema
value: $(params.taskGitUrl)/raw/$(params.taskGitRevision)/schema/dataKeys.json
- name: systems
value:
- fbc
- sign
taskRef:
params:
- name: url
value: $(params.taskGitUrl)
- name: revision
value: $(params.taskGitRevision)
- name: pathInRepo
value: tasks/check-data-keys/check-data-keys.yaml
resolver: git
workspaces:
- name: data
workspace: release-workspace
runAfter:
- collect-data
- name: validate-single-component
taskRef:
resolver: "git"
Expand Down
3 changes: 3 additions & 0 deletions pipelines/push-disk-images-to-cdn/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,9 @@ Tekton Pipeline to push disk images to a cdn using pulp
| taskGitUrl | The url to the git repo where the release-service-catalog tasks to be used are stored | Yes | https://github.com/konflux-ci/release-service-catalog.git |
| taskGitRevision | The revision in the taskGitUrl repo to be used | No | - |

## Changes in 1.2.1
* add new parameter `schema` to the `check-data-keys` task.

## Changes in 1.2.0
* The `push-disk-images` task now gets the `resultsDir` parameter from `collect-data` results
* Add the task `update-cr-status` at the end of the pipeline to save all pipeline results
Expand Down
4 changes: 3 additions & 1 deletion pipelines/push-disk-images-to-cdn/push-disk-images-to-cdn.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ kind: Pipeline
metadata:
name: push-disk-images-to-cdn
labels:
app.kubernetes.io/version: "1.2.0"
app.kubernetes.io/version: "1.2.1"
annotations:
tekton.dev/pipelines.minVersion: "0.12.1"
tekton.dev/tags: release
Expand Down Expand Up @@ -191,6 +191,8 @@ spec:
params:
- name: dataPath
value: "$(tasks.collect-data.results.data)"
- name: schema
value: $(params.taskGitUrl)/raw/$(params.taskGitRevision)/schema/dataKeys.json
- name: systems
value:
- cdn
Expand Down
3 changes: 3 additions & 0 deletions pipelines/release-to-github/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,9 @@ Tekton release pipeline to release binaries extracted from the image built with
| taskGitUrl | The url to the git repo where the release-service-catalog tasks to be used are stored | Yes | https://github.com/konflux-ci/release-service-catalog.git |
| taskGitRevision | The revision in the taskGitUrl repo to be used | No | - |

## Changes in 4.1.0
* Implement the `check-data-keys` task to validate the `data.json` file using the JSON schema.

## Changes in 4.0.0
* Drop the `enterpriseContractPublicKey` param. The verify task will take the value from the policy.

Expand Down
26 changes: 25 additions & 1 deletion pipelines/release-to-github/release-to-github.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ kind: Pipeline
metadata:
name: release-to-github
labels:
app.kubernetes.io/version: "4.0.0"
app.kubernetes.io/version: "4.1.0"
annotations:
tekton.dev/pipelines.minVersion: "0.12.1"
tekton.dev/tags: release
Expand Down Expand Up @@ -110,6 +110,30 @@ spec:
workspace: release-workspace
runAfter:
- verify-access-to-resources
- name: check-data-keys
params:
- name: dataPath
value: "$(tasks.collect-data.results.data)"
- name: schema
value: $(params.taskGitUrl)/raw/$(params.taskGitRevision)/schema/dataKeys.json
- name: systems
value:
- github
- sign
taskRef:
params:
- name: url
value: $(params.taskGitUrl)
- name: revision
value: $(params.taskGitRevision)
- name: pathInRepo
value: tasks/check-data-keys/check-data-keys.yaml
resolver: git
workspaces:
- name: data
workspace: release-workspace
runAfter:
- collect-data
- name: validate-single-component
taskRef:
resolver: "git"
Expand Down
3 changes: 3 additions & 0 deletions pipelines/release-to-mrrc/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,3 +18,6 @@ Tekton release pipeline to release maven artifacts extracted from the maven repo
| verify_ec_task_bundle | The location of the bundle containing the verify-enterprise-contract task | No | - |
| taskGitUrl | The url to the git repo where the release-service-catalog tasks to be used are stored | Yes | https://github.com/konflux-ci/release-service-catalog.git |
| taskGitRevision | The revision in the taskGitUrl repo to be used | Yes | production |

## Changes in 0.2.0
* Implement the `check-data-keys` task to validate the `data.json` file using the JSON schema.
25 changes: 24 additions & 1 deletion pipelines/release-to-mrrc/release-to-mrrc.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ kind: Pipeline
metadata:
name: release-to-mrrc
labels:
app.kubernetes.io/version: "0.1.0"
app.kubernetes.io/version: "0.2.0"
annotations:
tekton.dev/pipelines.minVersion: "0.12.1"
tekton.dev/tags: release
Expand Down Expand Up @@ -107,6 +107,29 @@ spec:
workspace: release-workspace
runAfter:
- verify-access-to-resources
- name: check-data-keys
params:
- name: dataPath
value: "$(tasks.collect-data.results.data)"
- name: schema
value: $(params.taskGitUrl)/raw/$(params.taskGitRevision)/schema/dataKeys.json
- name: systems
value:
- mrrc
taskRef:
params:
- name: url
value: $(params.taskGitUrl)
- name: revision
value: $(params.taskGitRevision)
- name: pathInRepo
value: tasks/check-data-keys/check-data-keys.yaml
resolver: git
workspaces:
- name: data
workspace: release-workspace
runAfter:
- collect-data
- name: verify-enterprise-contract
taskRef:
resolver: "bundles"
Expand Down
3 changes: 3 additions & 0 deletions pipelines/rh-advisories/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,9 @@ the rh-push-to-registry-redhat-io pipeline.
| taskGitUrl | The url to the git repo where the release-service-catalog tasks to be used are stored | Yes | https://github.com/konflux-ci/release-service-catalog.git |
| taskGitRevision | The revision in the taskGitUrl repo to be used | No | - |

## Changes in 1.5.7
* add new parameter `schema` to the `check-data-keys` task.

## Changes in 1.5.6
* new mandatory parameter resultsDirPath added to run-file-updates task

Expand Down
4 changes: 3 additions & 1 deletion pipelines/rh-advisories/rh-advisories.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ kind: Pipeline
metadata:
name: rh-advisories
labels:
app.kubernetes.io/version: "1.5.6"
app.kubernetes.io/version: "1.5.7"
annotations:
tekton.dev/pipelines.minVersion: "0.12.1"
tekton.dev/tags: release
Expand Down Expand Up @@ -509,6 +509,8 @@ spec:
params:
- name: dataPath
value: "$(tasks.collect-data.results.data)"
- name: schema
value: $(params.taskGitUrl)/raw/$(params.taskGitRevision)/schema/dataKeys.json
- name: systems
value:
- releaseNotes
Expand Down
111 changes: 100 additions & 11 deletions schema/dataKeys.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@
"type": "array",
"items": {
"type": "string",
"enum": ["releaseNotes", "cdn"],
"enum": ["releaseNotes", "cdn", "fbc", "sign", "mrrc", "github"],
"description": "List of systems that are supported to be required in the data"
}
},
Expand Down Expand Up @@ -520,9 +520,7 @@
}
},
"then": {
"required": [
"releaseNotes"
],
"required": ["releaseNotes"],
"properties": {
"releaseNotes": {
"required": [
Expand All @@ -540,9 +538,7 @@
],
"properties": {
"content": {
"required": [
"images"
]
"required": ["images"]
}
}
}
Expand All @@ -560,14 +556,107 @@
}
},
"then": {
"required": [
"cdn"
],
"required": ["cdn"],
"properties": {
"cdn": {
"required": ["env"]
}
}
}
},
{
"if": {
"properties": {
"systems": {
"contains": {
"const": "fbc"
}
}
}
},
"then": {
"required": ["fbc"],
"properties": {
"fbc": {
"required": [
"env"
"allowedPackages",
"fromIndex",
"targetIndex",
"publishingCredentials",
"buildTimeoutSeconds",
"issueId",
"preGA",
"productName",
"productVersion"
]
},
"properties": {
"allowedPackages": {
"type": "array",
"items": {
"type": "string"
}
}
}
}
}
},
{
"if": {
"properties": {
"systems": {
"contains": {
"const": "sign"
}
}
}
},
"then": {
"required": ["sign"],
"properties": {
"sign": {
"required": ["configMapName"]
}
}
}
},
{
"if": {
"properties": {
"systems": {
"contains": {
"const": "mrrc"
}
}
}
},
"then": {
"required": ["mrrc"],
"properties": {
"mrrc": {
"required": ["environment", "release", "awsSecret", "charonConfig"]
},
"releaseNotes": {
"required": ["product_name", "product_version"]
}
}
}
},
{
"if": {
"properties": {
"systems": {
"contains": {
"const": "github"
}
}
}
},
"then": {
"required": ["github"],
"properties": {
"github": {
"required": ["githubSecret"]
}
}
}
Expand Down
6 changes: 5 additions & 1 deletion tasks/check-data-keys/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,11 @@ Currently, `releaseNotes`, and `cdn` are the only supported systems.
|----------|---------------------------------------------------------|----------|---------------|
| dataPath | Path to the JSON string of the merged data to use | No | |
| systems | The systems to check that all data keys are present for | Yes | [] |
| schema | The URl to the schema | Yes | https://github.com/konflux-ci/release-service-catalog/blob/production/schema/dataKeys.json |
| schema | The URl to the schema | Yes | https://github.com/konflux-ci/release-service-catalog/blob/development/schema/dataKeys.json |

## Changes in 1.1.0
* Add `-L` option to curl command to follow redirects for schema download.
* Fixes README.md `schema` parameter description.

## Changes in 1.0.0
* Replacing the check with a schema validator
Expand Down
3 changes: 2 additions & 1 deletion tasks/check-data-keys/check-data-keys.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -40,10 +40,11 @@ spec:
exit 1
fi
if ! curl -s --fail-with-body "$(params.schema)" -o /tmp/schema ; then
if ! curl -sL --fail-with-body "$(params.schema)" -o /tmp/schema ; then
echo "Failed to download schema file: $(params.schema)"
exit 1
fi
cat "$(workspaces.data.path)/$(params.dataPath)"
systemsJSON=$(echo "$@" | jq -R 'split(" ")')
Expand Down

0 comments on commit fd07115

Please sign in to comment.