Update for operate-first.cloud

Dockerfile

@@ -5,9 +5,9 @@ LABEL maintainer="luzuccar@redhat.com"
 # gcc for cgo
 RUN dnf install -y git gcc make diffutils && rm -rf /var/lib/apt/lists/*
 
-ENV GOLANG_VERSION 1.18.3
+ENV GOLANG_VERSION 1.18.5
 ENV GOLANG_DOWNLOAD_URL https://golang.org/dl/go$GOLANG_VERSION.linux-amd64.tar.gz
-ENV GOLANG_DOWNLOAD_SHA256 956f8507b302ab0bb747613695cdae10af99bbd39a90cae522b7c0302cc27245
+ENV GOLANG_DOWNLOAD_SHA256 9e5de37f9c49942c601b191ac5fba404b868bfc21d446d6960acc12283d6e5f2 
 
 ENV OPERATOR_SDK_VERSION v1.22.0
 ENV OPERATOR_SDK_BIN /usr/bin/operator-sdk
@@ -38,14 +38,18 @@ RUN curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/i
 ENV PATH $PATH:/bin:/usr/local/go/bin:/usr/bin/
 ENV GOPATH /home/1001
 ENV GOCACHE /root/.cache/go-build
-ENV GOENV /root/.config/go/env
+env GOLANGCI_LINT_CACHE /root/.cache/golangci-lint
+ENV GOENV /home/1001/.config/go/env
 
-RUN mkdir -p /home/1001/src /home/1001/bin /home/1001/pkg /go/build \
+RUN mkdir -p /home/1001/src /home/1001/bin /home/1001/pkg /go/build /root/.cache /root/.local /.local \
     && chmod -R 0777 /go  \
-    && chmod -R 0777 /home/1001/ 
+    && chmod -R 0777 /home/1001/ \
+    && chmod -R 0777 /root/.cache \
+    && chmod -R 0777 /root/.local \
+    && chmod -R 0777 /.local
 
-RUN chown -R 1001:1001 /home/1001 \
-    && chown -R 1001:1001 /go
+RUN chown -R 1001:root /home/1001 \
+    && chown -R 1001:root /go
 
 COPY uid_entrypoint.sh /go/
 

README.md

@@ -37,7 +37,7 @@ The pipeline uses 2 tasks (with steps)
   - catalog-image-push 
 
 The reason for the separation into 2 tasks is that the *container-all* task can be re-used
-to build operands (i.e in the node-oberrvability-operator we have an operand (agent) that is required)
+to build operands (i.e in the node-observability-operator we have an operand (agent) that is required)
 
 A custom golang image is used with the relevant dependencies to execute the various make recipes
 
@@ -63,7 +63,8 @@ Install the tekton cli and tekton resources before continuing (see https://tekto
 ### Clone the repository
 
 ```bash
-git clone git@github.com:okd-project/pipelines.git
+git clone git@github.com:okd-project/okd-operator-pipeline.git
+
 ```
 
 ### Install the storage provisioner (All clusters)
@@ -104,14 +105,15 @@ kubectl get pvc -n operator-pipeline
 
 # once all pods are in the RUNNING status create a configmap as follows
 # this assumes you have the correct credentials and have logged into the registry to push images to
-kubectl create configmap docker-config --from-file=/$HOME/.docker/config.json -n operator-pipeline
+kubectl create configmap docker-config --from-file=/$HOME/.docker/config.json -n okd-team
 ```
 
 ## Usage
 
 ### Option 1 - On clusters with existing PVCs
 
-Execute the following to start a pipeline run
+Execute the following to start a pipeline run, this will re-use the claim "pipeline-pvc-dev" for
+future builds, it will re-use the .cache and pkg dirs to speed up builds
 
 ```bash
 # example (using the node-observability-operator)
@@ -121,7 +123,7 @@ tkn pipeline start pipeline-dev-all \
 --param base-image-registry=quay.io/<your-repo-id> \
 --param bundle-version=v0.0.1 \
 --workspace name=shared-workspace,claimName=pipeline-pvc-dev \
--n operator-pipeline
+-n okd-team
 ```
 
 ### Option 2 - Kind clusters, or without existing PVCs
@@ -134,7 +136,7 @@ tkn pipeline start pipeline-dev-all \
 --param base-image-registry=quay.io/<your-repo-id> \
 --param bundle-version=v0.0.1 \
 --workspace name=shared-workspace,volumeClaimTemplateFile=manifests/tekton/pipelineruns/workspace-template.yaml \
--n operator-pipeline
+-n okd-team
 ```
 
 
@@ -180,9 +182,6 @@ The folder structure is as follows :
       |           |
       |           --- cicd
       |           |     |
-      |           |      --- namespace
-      |           |     |     |
-      |           |     |     --- namespace.yaml
       |           |     --- pvc
       |           |     |     |
       |           |     |     --- pipeline-pvc.yaml
@@ -207,13 +206,6 @@ The folder structure is as follows :
                   |           --- container-all.yaml
                   |           --- bundle-all.yaml
                   |
-                  --- triggers
-                  |     |
-                  |     --- base
-                  |           |             
-                  |           --- trigger-binding-dev.yaml
-                  |           --- trigger-event-listener-dev.yaml
-                  |           --- trigger-template-dev.yaml
                   --- rbac
                   |     |
                   |     --- base

environments/overlays/cicd/kustomization.yaml

@@ -2,12 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 bases:
   - ../../../manifests/tekton/rbac/base
-#  - ../../../manifests/tekton/triggers/base
   - ../../../manifests/tekton/tasks/base
   - ../../../manifests/tekton/pipelines/base
-resources:
-  - namespace/namespace.yaml
-  - pvc/pipeline-pvc.yaml
-  - pvc/build-cache-pvc.yaml
-namespace: operator-pipeline
+namespace: okd-team
 

environments/overlays/cicd/pvc/build-cache-pvc.yaml

@@ -2,6 +2,7 @@ kind: PersistentVolumeClaim
 apiVersion: v1
 metadata:
   name: build-cache-pvc-dev
+  namespace: okd-team
 spec:
   accessModes:
     - ReadWriteOnce

environments/overlays/cicd/pvc/pipeline-pvc.yaml

@@ -2,6 +2,7 @@ kind: PersistentVolumeClaim
 apiVersion: v1
 metadata:
   name: pipeline-pvc-dev
+  namespace: okd-team
 spec:
   accessModes:
     - ReadWriteOnce

manifests/tekton/pipelineruns/sample-pr-dev-all-on-kind.yaml

@@ -1,7 +1,7 @@
 apiVersion: tekton.dev/v1beta1
 kind: PipelineRun
 metadata:
-  namespace: operator-pipeline
+  namespace: okd-team
   name: my-dev-all
 spec:
   podTemplate:

manifests/tekton/pipelineruns/workspace-template.yaml

@@ -1,7 +1,7 @@
 spec:
-  storageClassName: standard
+  storageClassName: ocs-external-storagecluster-ceph-rbd 
   accessModes:
   - ReadWriteOnce
   resources:
     requests:
-      storage: 1Gi
+      storage: 1Gi

manifests/tekton/pipelines/base/pipeline-dev-all.yaml

@@ -2,6 +2,7 @@ apiVersion: tekton.dev/v1beta1
 kind: Pipeline
 metadata:
   name: pipeline-dev-all
+  namespace: okd-team
 spec:
   params:
   - name: repo-url 
@@ -32,7 +33,7 @@ spec:
       - name: subdirectory
         value: $(params.repo-name)
     taskRef:
-      kind: ClusterTask
+      kind: Task
       name: git-clone
     workspaces:
       - name: src

manifests/tekton/rbac/base/kustomization.yaml

@@ -3,4 +3,4 @@ bases:
   - edit.yaml
   - view.yaml
 
-namespace: golang-cicd
+namespace: okd-team

manifests/tekton/rolebindings/base/binding-dev.yaml

@@ -5,7 +5,7 @@ metadata:
 subjects:
 - kind: ServiceAccount
   name: serviceaccount-dev
-  namespace: sandbox-lzuccarelli
+  namespace: okd-team
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role

manifests/tekton/tasks/base/bundle-all.yaml

@@ -2,6 +2,7 @@ apiVersion: tekton.dev/v1beta1
 kind: Task
 metadata:
   name: bundle-all 
+  namespace: okd-team
 spec:
   params:
   - name: repo-name
@@ -17,7 +18,7 @@ spec:
   workspaces:
   - name: src
   - name: build-cache-root
-    mountPath: /root
+    mountPath: /home/1001
   - name: build-cache-home
     mountPath: /home/1001
 
@@ -27,8 +28,6 @@ spec:
     workingDir: /workspace/src/$(params.repo-name)
     command: ["make"]
     args: ["bundle","OPERATOR_SDK_BIN=/usr/bin/operator-sdk","KUSTOMIZE=/usr/bin/kustomize","IMG=$(params.base-image-registry)/$(params.repo-name)-bundle:$(params.bundle-version)"]
-    securityContext:
-      runAsUser: 0
 
   - name: bundle-dockerfile-check
     image: quay.io/okd/go-bundle-tools:v1.0.0
@@ -41,17 +40,12 @@ spec:
         echo "copying Dockerfile.bundle to bundle.Dockerfile for kaniko build"
         cp  Dockerfile.bundle bundle.Dockerfile
       fi
-    securityContext:
-      runAsUser: 0
-
 
   - name: bundle-image-push
     workingDir: /workspace/src/$(params.repo-name)
     image:  gcr.io/kaniko-project/executor:latest
     command: ["/kaniko/executor"]
     args: ["--dockerfile=/workspace/src/$(params.repo-name)/bundle.Dockerfile","--context=/workspace/src/$(params.repo-name)/","--destination=$(params.base-image-registry)/$(params.repo-name)-bundle:$(params.bundle-version)"]
-    securityContext:
-      runAsUser: 0
     volumeMounts:
     - name: docker-config
       mountPath: /kaniko/.docker/
@@ -64,16 +58,12 @@ spec:
       echo "executing opm generate index dockerfile"
       /usr/bin/opm index add --bundles $(params.base-image-registry)/$(params.repo-name)-bundle:$(params.bundle-version) --generate --out-dockerfile "index.Dockerfile"
       cat index.Dockerfile
-    securityContext:
-      runAsUser: 0
 
   - name: index-image-push
     workingDir: /workspace/src/$(params.repo-name)
     image:  gcr.io/kaniko-project/executor:latest
     command: ["/kaniko/executor"]
     args: ["--dockerfile=/workspace/src/$(params.repo-name)/index.Dockerfile","--context=/workspace/src/$(params.repo-name)/","--destination=$(params.base-image-registry)/$(params.repo-name)-index:$(params.bundle-version)"]
-    securityContext:
-      runAsUser: 0
     volumeMounts:
     - name: docker-config
       mountPath: /kaniko/.docker/
@@ -103,16 +93,12 @@ spec:
 
       opm validate catalog
       cat catalog.Dockerfile
-    securityContext:
-      runAsUser: 0
 
   - name: catalog-image-push
     workingDir: /workspace/src/$(params.repo-name)
     image:  gcr.io/kaniko-project/executor:latest
     command: ["/kaniko/executor"]
     args: ["--dockerfile=/workspace/src/$(params.repo-name)/catalog.Dockerfile","--context=/workspace/src/$(params.repo-name)/","--destination=$(params.base-image-registry)/$(params.repo-name)-catalog:$(params.bundle-version)"]
-    securityContext:
-      runAsUser: 0
     volumeMounts:
     - name: docker-config
       mountPath: /kaniko/.docker/

manifests/tekton/tasks/base/container-all.yaml

@@ -2,6 +2,7 @@ apiVersion: tekton.dev/v1beta1
 kind: Task
 metadata:
   name: container-all 
+  namespace: okd-team
 spec:
   params:
   - name: repo-name
@@ -17,13 +18,14 @@ spec:
   workspaces:
   - name: src
   - name: build-cache-root
-    mountPath: /root
+    mountPath: /home/1001
   - name: build-cache-home
     mountPath: /home/1001
 
   steps: 
   - name: verify
     image: quay.io/okd/go-bundle-tools:v1.0.0
+    imagePullPolicy: Always
     onError: continue
     script: |
       #!/usr/bin/env bash
@@ -84,17 +86,13 @@ spec:
       EOF
       golangci-lint run -c golangci.yaml --deadline=30m
     workingDir: /workspace/src/$(params.repo-name)
-    securityContext:
-      runAsUser: 0
 
   - name: unit-test
     image: quay.io/okd/go-bundle-tools:v1.0.0
     workingDir: /workspace/src/$(params.repo-name)
     resources:
     command: ["make"]
     args: ["test"]
-    securityContext:
-      runAsUser: 0
 
   - name: build
     image: quay.io/okd/go-bundle-tools:v1.0.0
@@ -108,8 +106,6 @@ spec:
           memory: 2000Mi
     command: ["make"]
     args: ["build-operator"]
-    securityContext:
-      runAsUser: 0
 
   - name: runtime-docker
     workingDir: /workspace/src/$(params.repo-name)
@@ -127,8 +123,6 @@ spec:
       cat runtime.Dockerfile
       # move dockerignore as it blocks bin directory
       mv .dockerignore .bakdockerignore
-    securityContext:
-      runAsUser: 0
     volumeMounts:
     - name: docker-config
       mountPath: /kaniko/.docker/
@@ -138,8 +132,6 @@ spec:
     image:  gcr.io/kaniko-project/executor:latest
     command: ["/kaniko/executor"]
     args: ["--dockerfile=/workspace/src/$(params.repo-name)/runtime.Dockerfile","--context=/workspace/src/$(params.repo-name)/","--destination=$(params.base-image-registry)/$(params.repo-name):$(params.bundle-version)"]
-    securityContext:
-      runAsUser: 0
     volumeMounts:
     - name: docker-config
       mountPath: /kaniko/.docker/

manifests/tekton/tasks/base/git-clone.yaml

@@ -1,5 +1,5 @@
 apiVersion: tekton.dev/v1beta1
-kind: ClusterTask
+kind: Task
 metadata:
   name: git-clone
   labels: