Nicolas Massé 4 months ago
parent
commit
7e7b4643e0
  1. 2
      bootc/Containerfile
  2. 2
      bootc/root/etc/ota-update/ota.env
  3. 20
      bootc/root/etc/ota-update/service-ca.crt
  4. 15
      bootc/root/etc/systemd/system/ota-update.service
  5. 113
      bootc/root/usr/local/bin/update.sh
  6. 4
      tekton/README.md
  7. 2
      tekton/common/kustomization.yaml
  8. 4
      tekton/common/task-buildah.yaml
  9. 242
      tekton/common/task-git-clone.yaml
  10. 251
      tekton/common/task-git.yaml
  11. 8
      tekton/common/task-ota-update.yaml
  12. 10
      tekton/pipeline.yaml
  13. 20
      tekton/pipelinerun.yaml
  14. 20
      tekton/service-ca.crt

2
bootc/Containerfile

@ -10,7 +10,7 @@ RUN <<EOF
set -Eeuo pipefail set -Eeuo pipefail
if [[ "$ENABLE_DNF_CACHE" == "1" ]] && ! grep -qxF 'keepcache=1' /etc/dnf/dnf.conf; then if [[ "$ENABLE_DNF_CACHE" == "1" ]] && ! grep -qxF 'keepcache=1' /etc/dnf/dnf.conf; then
echo "Disabling dnf cache..." echo "Enabling dnf cache..."
sed -i.bak '/^\[main\]$/a keepcache=1' /etc/dnf/dnf.conf sed -i.bak '/^\[main\]$/a keepcache=1' /etc/dnf/dnf.conf
fi fi

2
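--- a/bootc/root/etc/ota-update/ota.env
+++ b/bootc/root/etc/ota-update/ota.env
@@ -0,0 +1,2 @@
+MQTT_URL=mqtts://mosquitto-build-multiarch.apps.nmasse-q2-2025.sandbox1038.opentlc.com:443/bootc/updates
+MOSQUITTO_OPTS=--insecure --cafile /etc/ota-update/service-ca.crt -k 15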
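Review bot: `--insecure` in `MOSQUITTO_OPTS` turns off the check that the broker's certificate matches the host name in `MQTT_URL`, so any certificate issued under the CA in `service-ca.crt` is accepted on the update channel. Because this channel decides which image the device switches to, the option should be dropped, `MOSQUITTO_OPTS=--cafile /etc/ota-update/service-ca.crt -k 15`, and the broker given a certificate whose subject alternative name covers the route host name. If the route presents a certificate other than the service one, that would explain why the flag was needed; this cannot be confirmed from the page.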

20
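--- a/bootc/root/etc/ota-update/service-ca.crt
+++ b/bootc/root/etc/ota-update/service-ca.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDUTCCAjmgAwIBAgIIE+EuJO9o6cowDQYJKoZIhvcNAQELBQAwNjE0MDIGA1UE
+Awwrb3BlbnNoaWZ0LXNlcnZpY2Utc2VydmluZy1zaWduZXJAMTc0OTY0OTE1NTAe
+Fw0yNTA2MTExMzM5MTVaFw0yNzA4MTAxMzM5MTZaMDYxNDAyBgNVBAMMK29wZW5z
+aGlmdC1zZXJ2aWNlLXNlcnZpbmctc2lnbmVyQDE3NDk2NDkxNTUwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDN+0NjKb71dma5axn4Ziu7SiJ9OSioXNFb
+dCmsxSgoqOKyNaYf/qyBXOAuERnmGGL9Bvtr3nleP26JYYdyY9R+X6wWfiQSmUQW
+tu3CfOqY5tQTFWz9qTUCS58XXTlAXJydooVx0PxxK560jq69d8pVzU74wr2Wxw2Y
+WKYoS7En5akpjLMRLxPobiV1IMZniICeBvDKjZ0iOPaInwYFno/jZRW87AY7MkKl
+BfAIAz+aefuXyKBqvKQs7yntCck+IzkXSsH5eM4raqeuT7mF+RbIS90ks0t94nj3
+AzPZ822PUwYCiQYZ+mvFEVGF51YF0xkFjcHfK+9OqOT7M6nhV6KLAgMBAAGjYzBh
+MA4GA1UdDwEB/wQEAwICpDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSLZRD2
+v1UJRCpj5ICYBf+70HEoQDAfBgNVHSMEGDAWgBSLZRD2v1UJRCpj5ICYBf+70HEo
+QDANBgkqhkiG9w0BAQsFAAOCAQEAV9y3RpVRvWz0sLfpEGdKHAntUvpW6CTLmv47
+3tu2ah5Tn8udGncIpegm8l2suyOeOEv+wZyOXZRUJtZja2zRLlAIyxJYheaa3kgD
+WspQvDN9iApeS6Q6ZEqEy3p8Zh4XA+rT3PRrg1ej5Kk3ofjNIA0mUBt4uuy77ovM
+vmqaRSLBLGx1ShBea6Pu3sTBV5RHUgQmZHzhyANq7tHgZbxATXM60/92rwzKpfGB
++/Blfvc2ssb+YwAeDw/SYdtkOp6HVoLF1UF4Cm49MyeW0QWFbdpxV5d0WSkCM1Fm
+Gsar1igyfdtXC1WYEULR79JtGUVcXehorcH/Oe1y71zmGzz3Cg==
+-----END CERTIFICATE-----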

15
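--- a/bootc/root/etc/systemd/system/ota-update.service
+++ b/bootc/root/etc/systemd/system/ota-update.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=Over-the-Air (OTA) Update Service
+Wants=network-online.target
+After=network-online.target
+[Service]
+ExecStart=/usr/local/bin/update.sh
+EnvironmentFile=/etc/ota-update/ota.env
+Restart=always
+RestartSec=60
+StandardOutput=journal
+StandardError=journal
+[Install]
+WantedBy=multi-user.target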

113
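--- a/bootc/root/usr/local/bin/update.sh
+++ b/bootc/root/usr/local/bin/update.sh
@@ -0,0 +1,113 @@
+#!/bin/bash
+# -------------------------------------------------------------------------------
+# This script listens to an MQTT topic to receive image update notifications
+# and triggers the system update process via bootc if the new digest is
+# different from the one currently deployed.
+#
+# Dependencies:
+# - bootc
+# - jq
+# - mosquitto_sub (from the mosquitto-clients package)
+#
+# Required environment variables:
+# - MQTT_URL: The MQTT url.
+# - MOSQUITTO_OPTS: The extra options to pass to mosquitto.
+#
+# -------------------------------------------------------------------------------
+MQTT_URL="mqtts://mosquitto-build-multiarch.apps.nmasse-q2-2025.sandbox1038.opentlc.com:443/bootc/updates"
+MOSQUITTO_OPTS="--insecure --cafile service-ca.crt -k 15"
+# Exit immediately if a command fails, if an unset variable is used,
+# or if a command in a pipeline fails.
+set -Eeuo pipefail
+# --- Log a message to stderr ----
+function _log () {
+echo "$@" >&2
+}
+_log "✅ Update script started."
+# --- Function to run mosquitto ----
+function get_mqtt_message () {
+_log "ℹ️ Mosquitto command: mosquitto_sub $mosquitto_opts $MOSQUITTO_OPTS -L "$MQTT_URL" -C 1"
+local return_code=0
+mosquitto_sub $mosquitto_opts $MOSQUITTO_OPTS -L "$MQTT_URL" -C 1 || return_code=$?
+_log "ℹ️ Mosquitto command returned with code: $return_code"
+if [[ $? -ne 27 ]] && [[ $? -ne 0 ]]; then # 27 is the exit code for a timeout, which we can ignore
+_log "❗️ Error: Mosquitto connection failed. Please check the MQTT URL and network connectivity."
+return $?
+fi
+}
+# 1. Get the current image and digest
+_log "🔍 Checking the current image..."
+CURRENT_IMAGE_REF=$(bootc status --format json | jq -r '.spec.image.image')
+# Extracts the digest and the base image (e.g., registry/path/image)
+# Handles the case where the image is tagged by digest (with '@')
+if [[ "$CURRENT_IMAGE_REF" == *"@sha256:"* ]]; then
+CURRENT_IMAGE_BASE=$(echo "$CURRENT_IMAGE_REF" | cut -d'@' -f1)
+CURRENT_DIGEST=$(echo "$CURRENT_IMAGE_REF" | cut -d'@' -f2)
+_log "ℹ️ Current image: $CURRENT_IMAGE_BASE"
+_log "ℹ️ Current digest : $CURRENT_DIGEST"
+elif [[ "$CURRENT_IMAGE_REF" == *":"* ]]; then
+# If the image is tagged by a tag (e.g., :latest), we cannot compare the digest.
+# The script will continue but will trigger an update on the first digest received.
+CURRENT_IMAGE_BASE=$(echo "$CURRENT_IMAGE_REF" | cut -d':' -f1)
+CURRENT_DIGEST=""
+_log "⚠️ The current image ($CURRENT_IMAGE_REF) is using a tag. Any new digest notification will trigger an update."
+else
+CURRENT_IMAGE_BASE="$CURRENT_IMAGE_REF"
+CURRENT_DIGEST=""
+_log "⚠️ The current image ($CURRENT_IMAGE_REF) has neither digest nor tag. Any new digest notification will trigger an update."
+fi
+# --- Main Loop ---
+mosquitto_opts="-W 10 --retained-only"
+stale="1"
+_log "♻️ Processing stale update triggers..."
+while true; do
+# 2. Wait for an MQTT message containing the new digest
+_log "📡 Waiting for a message..."
+# The `-C 1` flag makes mosquitto_sub exit after receiving one message.
+NEW_DIGEST=$(get_mqtt_message)
+if [[ -z "$NEW_DIGEST" ]]; then
+_log "⚠️ No message received from the MQTT broker. Delaying for 10 seconds before retrying..."
+sleep 10 # Short pause before retrying
+else
+_log "📩 New digest received: $NEW_DIGEST"
+# 3. Compare the digests and act accordingly
+if [[ "$NEW_DIGEST" != "$CURRENT_DIGEST" ]]; then
+_log "✨ New digest detected! Starting the update process."
+# Build the new full image reference
+NEW_IMAGE_REF="${CURRENT_IMAGE_BASE}@${NEW_DIGEST}"
+_log "ℹ️ New target image: $NEW_IMAGE_REF"
+# Running update commands
+_log "🚀 Executing 'bootc switch'..."
+bootc switch "$NEW_IMAGE_REF"
+_log "🔄 Rebooting the system to apply the update..."
+reboot
+# The script stops here due to the reboot
+exit 0
+else
+_log "👍 The received digest is identical to the current one. No action required."
+_log "😴 Returning to listening mode..."
+fi
+fi
+# Up frow now, process only fresh messages
+if [[ "$stale" -eq "1" ]]; then
+_log "✨ Processing fresh update triggers only from now on."
+mosquitto_opts="-R"
+stale="0"
+fi
+done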
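Review bot: The MQTT payload becomes `NEW_DIGEST` and goes unchecked into `bootc switch "${CURRENT_IMAGE_BASE}@${NEW_DIGEST}"` followed by `reboot`, so whoever can publish to the topic chooses which image in that repository the device boots, including an older one; the payload should at least be matched against `^sha256:[0-9a-f]{64}$` before use, and the image should be covered by signature verification on the device if that is not configured elsewhere. In `get_mqtt_message` the test on `$?` runs after `_log` and therefore always sees 0, so a failed connection is never reported; it should test `$return_code`. The `MQTT_URL` and `MOSQUITTO_OPTS` assignments at the top override the values from `/etc/ota-update/ota.env` and point `--cafile` at a relative path, which looks like a leftover from local testing and should be removed. Once the function really returns non-zero, `set -e` ends the script at `NEW_DIGEST=$(get_mqtt_message)` and the retry is left to the unit's `Restart=always`.

```bash
function get_mqtt_message () {
  # … unchanged: command logging, mosquitto_sub call that fills return_code …
  # 27 is the exit code for a timeout, which we can ignore
  if [[ $return_code -ne 27 ]] && [[ $return_code -ne 0 ]]; then
    _log "❗️ Error: Mosquitto connection failed. Please check the MQTT URL and network connectivity."
    return "$return_code"
  fi
}
# … unchanged: current image detection, loop setup …
  NEW_DIGEST=$(get_mqtt_message)
  # Only a well-formed digest may reach 'bootc switch'; anything else is
  # handled like "no message" so the stale/fresh switch below still runs.
  if [[ -n "$NEW_DIGEST" && ! "$NEW_DIGEST" =~ ^sha256:[0-9a-f]{64}$ ]]; then
    _log "❗️ Ignoring malformed payload from the MQTT broker."
    NEW_DIGEST=""
  fi
# … unchanged: digest comparison, bootc switch, reboot, stale/fresh handling …
```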

4
tekton/README.md

@ -3,7 +3,7 @@
## Tekton configuration ## Tekton configuration
```sh ```sh
oc patch configmap/feature-flags -n openshift-pipelines --type=merge -p '{"data":{"disable-affinity-assistant":"true"}}' oc patch tektonconfig/config -n openshift-pipelines --type=merge -p '{"spec":{"pipeline":{"coschedule":"disabled","disable-affinity-assistant":true}}}'
``` ```
## Pipeline manifests ## Pipeline manifests
@ -57,7 +57,7 @@ oc create secret generic github-authentication --from-literal=.git-credentials=h
Set the tekton password in the mosquitto passwd file (**common/mosquitto.conf**) and then: Set the tekton password in the mosquitto passwd file (**common/mosquitto.conf**) and then:
```sh ```sh
oc create secret generic mqtt-config --from-literal=OTA_MQTT_URL=mqtts://tekton:secret@mosquitto-build-multiarch.apps.nmasse-q2-2025.sandbox1038.opentlc.com:443/bootc/updates oc create secret generic mqtt-config --from-literal=OTA_MQTT_URL=mqtt://tekton:secret@mosquitto/bootc/updates
``` ```
## Rclone config for AWS S3 ## Rclone config for AWS S3

2
tekton/common/kustomization.yaml

@ -3,7 +3,7 @@ resources:
- mosquitto.yaml - mosquitto.yaml
- task-ota-update.yaml - task-ota-update.yaml
- task-buildah.yaml - task-buildah.yaml
- task-git-clone.yaml - task-git.yaml
- task-rclone.yaml - task-rclone.yaml
- daemonset-qemu.yaml - daemonset-qemu.yaml
- storage.yaml - storage.yaml

4
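--- a/tekton/common/task-buildah.yaml
+++ b/tekton/common/task-buildah.yaml
@@ -33,6 +33,10 @@ spec:
 description: RW storage to cache build artefacts
 mountPath: /caches
 optional: true
+- name: rpms
+description: Local RPM Repository
+mountPath: /rpms
+optional: true
 - name: entitlements
 description: RW storage for RHEL entitlements
 mountPath: /entitlements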

242
tekton/common/task-git-clone.yaml

@ -1,242 +0,0 @@
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: git-clone
labels:
app.kubernetes.io/version: "0.9"
annotations:
tekton.dev/pipelines.minVersion: "0.38.0"
tekton.dev/categories: Git
tekton.dev/tags: git
tekton.dev/displayName: "git clone"
tekton.dev/platforms: "linux/amd64,linux/s390x,linux/ppc64le,linux/arm64"
spec:
description: >-
These Tasks are Git tasks to work with repositories used by other tasks
in your Pipeline.
The git-clone Task will clone a repo from the provided url into the
output Workspace. By default the repo will be cloned into the root of
your Workspace. You can clone into a subdirectory by setting this Task's
subdirectory param. This Task also supports sparse checkouts. To perform
a sparse checkout, pass a list of comma separated directory patterns to
this Task's sparseCheckoutDirectories param.
workspaces:
- name: output
description: The git repo will be cloned onto the volume backing this Workspace.
- name: ssh-directory
optional: true
description: |
A .ssh directory with private key, known_hosts, config, etc. Copied to
the user's home before git commands are executed. Used to authenticate
with the git remote when performing the clone. Binding a Secret to this
Workspace is strongly recommended over other volume types.
- name: basic-auth
optional: true
description: |
A Workspace containing a .gitconfig and .git-credentials file. These
will be copied to the user's home before any git commands are run. Any
other files in this Workspace are ignored. It is strongly recommended
to use ssh-directory over basic-auth whenever possible and to bind a
Secret to this Workspace over other volume types.
- name: ssl-ca-directory
optional: true
description: |
A workspace containing CA certificates, this will be used by Git to
verify the peer with when fetching or pushing over HTTPS.
params:
- name: url
description: Repository URL to clone from.
type: string
- name: revision
description: Revision to checkout. (branch, tag, sha, ref, etc...)
type: string
default: ""
- name: refspec
description: Refspec to fetch before checking out revision.
default: ""
- name: submodules
description: Initialize and fetch git submodules.
type: string
default: "true"
- name: depth
description: Perform a shallow clone, fetching only the most recent N commits.
type: string
default: "1"
- name: sslVerify
description: Set the `http.sslVerify` global git config. Setting this to `false` is not advised unless you are sure that you trust your git remote.
type: string
default: "true"
- name: crtFileName
description: file name of mounted crt using ssl-ca-directory workspace. default value is ca-bundle.crt.
type: string
default: "ca-bundle.crt"
- name: subdirectory
description: Subdirectory inside the `output` Workspace to clone the repo into.
type: string
default: ""
- name: sparseCheckoutDirectories
description: Define the directory patterns to match or exclude when performing a sparse checkout.
type: string
default: ""
- name: deleteExisting
description: Clean out the contents of the destination directory if it already exists before cloning.
type: string
default: "true"
- name: httpProxy
description: HTTP proxy server for non-SSL requests.
type: string
default: ""
- name: httpsProxy
description: HTTPS proxy server for SSL requests.
type: string
default: ""
- name: noProxy
description: Opt out of proxying HTTP/HTTPS requests.
type: string
default: ""
- name: verbose
description: Log the commands that are executed during `git-clone`'s operation.
type: string
default: "true"
- name: gitInitImage
description: The image providing the git-init binary that this Task runs.
type: string
default: "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init:v0.40.2"
- name: userHome
description: |
Absolute path to the user's home directory.
type: string
default: "/home/git"
results:
- name: commit
description: The precise commit SHA that was fetched by this Task.
- name: url
description: The precise URL that was fetched by this Task.
- name: committer-date
description: The epoch timestamp of the commit that was fetched by this Task.
steps:
- name: clone
image: "$(params.gitInitImage)"
env:
- name: HOME
value: "$(params.userHome)"
- name: PARAM_URL
value: $(params.url)
- name: PARAM_REVISION
value: $(params.revision)
- name: PARAM_REFSPEC
value: $(params.refspec)
- name: PARAM_SUBMODULES
value: $(params.submodules)
- name: PARAM_DEPTH
value: $(params.depth)
- name: PARAM_SSL_VERIFY
value: $(params.sslVerify)
- name: PARAM_CRT_FILENAME
value: $(params.crtFileName)
- name: PARAM_SUBDIRECTORY
value: $(params.subdirectory)
- name: PARAM_DELETE_EXISTING
value: $(params.deleteExisting)
- name: PARAM_HTTP_PROXY
value: $(params.httpProxy)
- name: PARAM_HTTPS_PROXY
value: $(params.httpsProxy)
- name: PARAM_NO_PROXY
value: $(params.noProxy)
- name: PARAM_VERBOSE
value: $(params.verbose)
- name: PARAM_SPARSE_CHECKOUT_DIRECTORIES
value: $(params.sparseCheckoutDirectories)
- name: PARAM_USER_HOME
value: $(params.userHome)
- name: WORKSPACE_OUTPUT_PATH
value: $(workspaces.output.path)
- name: WORKSPACE_SSH_DIRECTORY_BOUND
value: $(workspaces.ssh-directory.bound)
- name: WORKSPACE_SSH_DIRECTORY_PATH
value: $(workspaces.ssh-directory.path)
- name: WORKSPACE_BASIC_AUTH_DIRECTORY_BOUND
value: $(workspaces.basic-auth.bound)
- name: WORKSPACE_BASIC_AUTH_DIRECTORY_PATH
value: $(workspaces.basic-auth.path)
- name: WORKSPACE_SSL_CA_DIRECTORY_BOUND
value: $(workspaces.ssl-ca-directory.bound)
- name: WORKSPACE_SSL_CA_DIRECTORY_PATH
value: $(workspaces.ssl-ca-directory.path)
securityContext:
runAsNonRoot: false
runAsUser: 0
script: |
#!/usr/bin/env sh
set -eu
if [ "${PARAM_VERBOSE}" = "true" ] ; then
set -x
fi
if [ "${WORKSPACE_BASIC_AUTH_DIRECTORY_BOUND}" = "true" ] ; then
cp "${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/.git-credentials" "${PARAM_USER_HOME}/.git-credentials"
cp "${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/.gitconfig" "${PARAM_USER_HOME}/.gitconfig"
chmod 400 "${PARAM_USER_HOME}/.git-credentials"
chmod 400 "${PARAM_USER_HOME}/.gitconfig"
fi
if [ "${WORKSPACE_SSH_DIRECTORY_BOUND}" = "true" ] ; then
cp -R "${WORKSPACE_SSH_DIRECTORY_PATH}" "${PARAM_USER_HOME}"/.ssh
chmod 700 "${PARAM_USER_HOME}"/.ssh
chmod -R 400 "${PARAM_USER_HOME}"/.ssh/*
fi
if [ "${WORKSPACE_SSL_CA_DIRECTORY_BOUND}" = "true" ] ; then
export GIT_SSL_CAPATH="${WORKSPACE_SSL_CA_DIRECTORY_PATH}"
if [ "${PARAM_CRT_FILENAME}" != "" ] ; then
export GIT_SSL_CAINFO="${WORKSPACE_SSL_CA_DIRECTORY_PATH}/${PARAM_CRT_FILENAME}"
fi
fi
CHECKOUT_DIR="${WORKSPACE_OUTPUT_PATH}/${PARAM_SUBDIRECTORY}"
cleandir() {
# Delete any existing contents of the repo directory if it exists.
#
# We don't just "rm -rf ${CHECKOUT_DIR}" because ${CHECKOUT_DIR} might be "/"
# or the root of a mounted volume.
if [ -d "${CHECKOUT_DIR}" ] ; then
# Delete non-hidden files and directories
rm -rf "${CHECKOUT_DIR:?}"/*
# Delete files and directories starting with . but excluding ..
rm -rf "${CHECKOUT_DIR}"/.[!.]*
# Delete files and directories starting with .. plus any other character
rm -rf "${CHECKOUT_DIR}"/..?*
fi
}
if [ "${PARAM_DELETE_EXISTING}" = "true" ] ; then
cleandir || true
fi
test -z "${PARAM_HTTP_PROXY}" || export HTTP_PROXY="${PARAM_HTTP_PROXY}"
test -z "${PARAM_HTTPS_PROXY}" || export HTTPS_PROXY="${PARAM_HTTPS_PROXY}"
test -z "${PARAM_NO_PROXY}" || export NO_PROXY="${PARAM_NO_PROXY}"
git config --global --add safe.directory "${WORKSPACE_OUTPUT_PATH}"
/ko-app/git-init \
-url="${PARAM_URL}" \
-revision="${PARAM_REVISION}" \
-refspec="${PARAM_REFSPEC}" \
-path="${CHECKOUT_DIR}" \
-sslVerify="${PARAM_SSL_VERIFY}" \
-submodules="${PARAM_SUBMODULES}" \
-depth="${PARAM_DEPTH}" \
-sparseCheckoutDirectories="${PARAM_SPARSE_CHECKOUT_DIRECTORIES}"
cd "${CHECKOUT_DIR}"
RESULT_SHA="$(git rev-parse HEAD)"
EXIT_CODE="$?"
if [ "${EXIT_CODE}" != 0 ] ; then
exit "${EXIT_CODE}"
fi
RESULT_COMMITTER_DATE="$(git log -1 --pretty=%ct)"
printf "%s" "${RESULT_COMMITTER_DATE}" > "$(results.committer-date.path)"
printf "%s" "${RESULT_SHA}" > "$(results.commit.path)"
printf "%s" "${PARAM_URL}" > "$(results.url.path)"

251
tekton/common/task-git.yaml

@ -0,0 +1,251 @@
---
# Source: task-git/templates/task.yaml
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: git
labels:
app.kubernetes.io/version: 0.2.0
annotations:
tekton.dev/source: "https://github.com/openshift-pipelines/task-git"
tekton.dev/categories: Git
tekton.dev/displayName: git
tekton.dev/pipelines.minVersion: 0.41.0
tekton.dev/platforms: linux/amd64,linux/s390x,linux/ppc64le,linux/arm64
tekton.dev/tags: git
spec:
description: |
This Task represents Git and is able to initialize and clone a remote repository on the informed Workspace. It's likely to become the first `step` on a Pipeline.
workspaces:
- name: output
description: |
The Git repository directory, data will be placed on the root of the
Workspace, or on the relative path defined by the SUBDIRECTORY
parameter.
- name: ssh-directory
optional: true
description: |
A `.ssh` directory with private key, `known_hosts`, `config`, etc.
Copied to the Git user's home before cloning the repository, in order to
server as authentication mechanismBinding a Secret to this Workspace is
strongly recommended over other volume types.
- name: basic-auth
optional: true
description: |
A Workspace containing a `.gitconfig` and `.git-credentials` files.
These will be copied to the user's home before Git commands run. All
other files in this Workspace are ignored. It is strongly recommended to
use `ssh-directory` over `basic-auth` whenever possible, and to bind a
Secret to this Workspace over other volume types.
- name: ssl-ca-directory
optional: true
description: |
A Workspace containing CA certificates, this will be used by Git to
verify the peer with when interacting with remote repositories using
HTTPS.
params:
- name: URL
type: string
description: |
Git repository URL.
- name: REVISION
type: string
default: main
description: |
Revision to checkout, an branch, tag, sha, ref, etc...
- name: REFSPEC
default: ""
description: |
Repository `refspec` to fetch before checking out the revision.
- name: SUBMODULES
type: string
default: "true"
description: |
Initialize and fetch Git submodules.
- name: DEPTH
type: string
default: "1"
description: |
Number of commits to fetch, a "shallow clone" is a single commit.
- name: SSL_VERIFY
type: string
default: "true"
description: |
Sets the global `http.sslVerify` value, `false` is not advised unless
you trust the remote repository.
- name: CRT_FILENAME
type: string
default: ca-bundle.crt
description: |
Certificate Authority (CA) bundle filename on the `ssl-ca-directory`
Workspace.
- name: SUBDIRECTORY
type: string
default: ""
description: |
Relative path to the `output` Workspace where the repository will be
cloned.
- name: SPARSE_CHECKOUT_DIRECTORIES
type: string
default: ""
description: |
List of directory patterns split by comma to perform "sparse checkout".
- name: DELETE_EXISTING
type: string
default: "true"
description: |
Clean out the contents of the `output` Workspace before cloning the
repository, if data exists.
- name: HTTP_PROXY
type: string
default: ""
description: |
HTTP proxy server (non-TLS requests).
- name: HTTPS_PROXY
type: string
default: ""
description: |
HTTPS proxy server (TLS requests).
- name: NO_PROXY
type: string
default: ""
description: |
Opt out of proxying HTTP/HTTPS requests.
- name: VERBOSE
type: string
default: "false"
description: |
Log the commands executed.
- name: USER_HOME
type: string
default: "/home/git"
description: |
Absolute path to the Git user home directory.
results:
- name: COMMIT
description: |
The precise commit SHA digest cloned.
- name: URL
description: |
The precise repository URL.
- name: COMMITTER_DATE
description: |
The epoch timestamp of the commit cloned.
volumes:
- name: user-home
emptyDir: {}
- name: scripts-dir
emptyDir: {}
stepTemplate:
env:
- name: PARAMS_URL
value: "$(params.URL)"
- name: PARAMS_REVISION
value: "$(params.REVISION)"
- name: PARAMS_REFSPEC
value: "$(params.REFSPEC)"
- name: PARAMS_SUBMODULES
value: "$(params.SUBMODULES)"
- name: PARAMS_DEPTH
value: "$(params.DEPTH)"
- name: PARAMS_SSL_VERIFY
value: "$(params.SSL_VERIFY)"
- name: PARAMS_CRT_FILENAME
value: "$(params.CRT_FILENAME)"
- name: PARAMS_SUBDIRECTORY
value: "$(params.SUBDIRECTORY)"
- name: PARAMS_SPARSE_CHECKOUT_DIRECTORIES
value: "$(params.SPARSE_CHECKOUT_DIRECTORIES)"
- name: PARAMS_DELETE_EXISTING
value: "$(params.DELETE_EXISTING)"
- name: PARAMS_HTTP_PROXY
value: "$(params.HTTP_PROXY)"
- name: PARAMS_HTTPS_PROXY
value: "$(params.HTTPS_PROXY)"
- name: PARAMS_NO_PROXY
value: "$(params.NO_PROXY)"
- name: PARAMS_VERBOSE
value: "$(params.VERBOSE)"
- name: PARAMS_USER_HOME
value: "$(params.USER_HOME)"
- name: WORKSPACES_OUTPUT_PATH
value: "$(workspaces.output.path)"
- name: WORKSPACES_SSH_DIRECTORY_BOUND
value: "$(workspaces.ssh-directory.bound)"
- name: WORKSPACES_SSH_DIRECTORY_PATH
value: "$(workspaces.ssh-directory.path)"
- name: WORKSPACES_BASIC_AUTH_BOUND
value: "$(workspaces.basic-auth.bound)"
- name: WORKSPACES_BASIC_AUTH_PATH
value: "$(workspaces.basic-auth.path)"
- name: WORKSPACES_SSL_CA_DIRECTORY_BOUND
value: "$(workspaces.ssl-ca-directory.bound)"
- name: WORKSPACES_SSL_CA_DIRECTORY_PATH
value: "$(workspaces.ssl-ca-directory.path)"
- name: RESULTS_COMMITTER_DATE_PATH
value: "$(results.COMMITTER_DATE.path)"
- name: RESULTS_COMMIT_PATH
value: "$(results.COMMIT.path)"
- name: RESULTS_URL_PATH
value: "$(results.URL.path)"
resources:
limits:
cpu: 100m
memory: 256Mi
requests:
cpu: 100m
memory: 256Mi
securityContext:
runAsNonRoot: true
runAsUser: 65532
steps:
- name: load-scripts
image: registry.redhat.io/openshift-pipelines/pipelines-git-init-rhel8@sha256:c4b2183f7c7997bd401d86b33eefb637b3ef2fa90618e875106292cd69a15c14
workingDir: /scripts
script: |
printf '%s' "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" |base64 -d >common.sh
chmod +x "common.sh"
printf '%s' "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" |base64 -d >git-clone.sh
chmod +x "git-clone.sh"
printf '%s' "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" |base64 -d >prepare.sh
chmod +x "prepare.sh"
printf '%s' "IyEvdXNyL2Jpbi9lbnYgc2gKIwojIFNjYW4gdGhlIGNsb25lZCByZXBvc2l0b3J5IGluIG9yZGVyIHRvIHJlcG9ydCBkZXRhaWxzIHdyaXR0aW5nIHRoZSByZXN1bHQgZmlsZXMuCiMKCnNldCAtZXUKCnNvdXJjZSAkKENEUEFUSD0gY2QgLS0gIiQoZGlybmFtZSAtLSAkezB9KSIgJiYgcHdkKS9jb21tb24uc2gKCmFzc2VydF9yZXF1aXJlZF9jb25maWd1cmF0aW9uX29yX2ZhaWwKCnBoYXNlICJDb2xsZWN0aW5nIGNsb25lZCByZXBvc2l0b3J5IGluZm9ybWF0aW9uICgnJHtjaGVja291dF9kaXJ9JykiCgpjZCAiJHtjaGVja291dF9kaXJ9IiB8fCBmYWlsICJOb3QgYWJsZSB0byBlbnRlciBjaGVja291dC1kaXIgJyR7Y2hlY2tvdXRfZGlyfSciCgpwaGFzZSAiU2V0dGluZyBvdXRwdXQgd29ya3NwYWNlIGFzIHNhZmUgZGlyZWN0b3J5ICgnJHtXT1JLU1BBQ0VTX09VVFBVVF9QQVRIfScpIgpnaXQgY29uZmlnIC0tZ2xvYmFsIC0tYWRkIHNhZmUuZGlyZWN0b3J5ICIke1dPUktTUEFDRVNfT1VUUFVUX1BBVEh9IgoKcmVzdWx0X3NoYT0iJChnaXQgcmV2LXBhcnNlIEhFQUQpIgpyZXN1bHRfY29tbWl0dGVyX2RhdGU9IiQoZ2l0IGxvZyAtMSAtLXByZXR0eT0lY3QpIgoKcGhhc2UgIlJlcG9ydGluZyBsYXN0IGNvbW1pdCBkYXRlICcke3Jlc3VsdF9jb21taXR0ZXJfZGF0ZX0nIgpwcmludGYgIiVzIiAiJHtyZXN1bHRfY29tbWl0dGVyX2RhdGV9IiA+JHtSRVNVTFRTX0NPTU1JVFRFUl9EQVRFX1BBVEh9CgpwaGFzZSAiUmVwb3J0aW5nIHBhcnNlZCByZXZpc2lvbiBTSEEgJyR7cmVzdWx0X3NoYX0nIgpwcmludGYgIiVzIiAiJHtyZXN1bHRfc2hhfSIgPiR7UkVTVUxUU19DT01NSVRfUEFUSH0KCnBoYXNlICJSZXBvcnRpbmcgcmVwb3NpdG9yeSBVUkwgJyR7UEFSQU1TX1VSTH0nIgpwcmludGYgIiVzIiAiJHtQQVJBTVNfVVJMfSIgPiR7UkVTVUxUU19VUkxfUEFUSH0KCmV4aXQgMA==" |base64 -d >report.sh
chmod +x "report.sh"
volumeMounts:
- name: scripts-dir
mountPath: /scripts
- name: prepare
image: registry.redhat.io/openshift-pipelines/pipelines-git-init-rhel8@sha256:c4b2183f7c7997bd401d86b33eefb637b3ef2fa90618e875106292cd69a15c14
command:
- /scripts/prepare.sh
volumeMounts:
- name: scripts-dir
mountPath: /scripts
- name: user-home
mountPath: $(params.USER_HOME)
- name: git-clone
image: registry.redhat.io/openshift-pipelines/pipelines-git-init-rhel8@sha256:c4b2183f7c7997bd401d86b33eefb637b3ef2fa90618e875106292cd69a15c14
command:
- /scripts/git-clone.sh
volumeMounts:
- name: scripts-dir
mountPath: /scripts
- name: user-home
mountPath: $(params.USER_HOME)
- name: report
image: registry.redhat.io/openshift-pipelines/pipelines-git-init-rhel8@sha256:c4b2183f7c7997bd401d86b33eefb637b3ef2fa90618e875106292cd69a15c14
command:
- /scripts/report.sh
volumeMounts:
- name: scripts-dir
mountPath: /scripts

8
tekton/common/task-ota-update.yaml

@ -18,7 +18,7 @@ spec:
- name: OTA_VERSION - name: OTA_VERSION
value: "$(params.otaVersion)" value: "$(params.otaVersion)"
script: | script: |
#!/bin/bash #!/bin/sh
set -Eeuo pipefail set -eu
echo "Sending the OTA firmware udate notification for version $OTA_VERSION on $OTA_MQTT_TOPIC..." echo "Sending the OTA firmware udate notification for version $OTA_VERSION..."
mosquitto_pub -L "$OTA_MQTT_URL" -m "$OTA_VERSION" -d mosquitto_pub --retain -L "$OTA_MQTT_URL" -m "$OTA_VERSION" -d
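Review bot: Nothing in this step checks that `$OTA_VERSION` has the form the device expects before it is published with `--retain`; `update.sh` in this commit appends the payload to the image name as a digest, so a retained value that is not a `sha256:` digest would be replayed to every device at start-up until it is overwritten. A guard ahead of `mosquitto_pub`, for example `case "$OTA_VERSION" in sha256:*) ;; *) echo "OTA_VERSION is not a digest" >&2; exit 1 ;; esac`, keeps a bad value off the topic. The log line also reads `udate` where `update` is meant. The task's parameters and the rest of the step lie outside the hunk, so whether the value is validated earlier cannot be seen here.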

10
tekton/pipeline.yaml

@ -12,6 +12,8 @@ spec:
optional: true optional: true
- name: entitlements - name: entitlements
optional: true optional: true
- name: rpms
optional: true
- name: git-auth - name: git-auth
optional: true optional: true
- name: registries-conf - name: registries-conf
@ -44,11 +46,11 @@ spec:
- name: clone-repo - name: clone-repo
taskRef: taskRef:
kind: Task kind: Task
name: git-clone name: git
params: params:
- name: url - name: URL
value: $(params.git-url) value: $(params.git-url)
- name: revision - name: REVISION
value: $(params.git-revision) value: $(params.git-revision)
workspaces: workspaces:
- name: output - name: output
@ -118,6 +120,8 @@ spec:
workspace: caches workspace: caches
- name: entitlements - name: entitlements
workspace: entitlements workspace: entitlements
- name: rpms
workspace: rpms
- name: ota-update - name: ota-update
runAfter: ["buildah-bootc"] runAfter: ["buildah-bootc"]

20
tekton/pipelinerun.yaml

@ -20,19 +20,19 @@ spec:
value: app/model-s3.onnx value: app/model-s3.onnx
- name: build-architectures - name: build-architectures
value: value:
- aarch64 - x86_64
# - name: pypi-mirror-url # - name: pypi-mirror-url
# value: http://... # value: http://...
workspaces: workspaces:
# - name: caches - name: caches
# persistentVolumeClaim:
# claimName: bootc-caches
# - name: entitlements
# persistentVolumeClaim:
# claimName: bootc-entitlements
- name: rpms
persistentVolumeClaim: persistentVolumeClaim:
claimName: bootc-rpms claimName: bootc-caches
- name: entitlements
persistentVolumeClaim:
claimName: bootc-entitlements
# - name: rpms
# persistentVolumeClaim:
# claimName: bootc-rpms
- name: source-workspace - name: source-workspace
volumeClaimTemplate: volumeClaimTemplate:
spec: spec:
@ -56,3 +56,5 @@ spec:
# name: registries-conf # name: registries-conf
taskRunTemplate: taskRunTemplate:
serviceAccountName: buildbot serviceAccountName: buildbot
timeouts:
pipeline: 2h

20
tekton/service-ca.crt

@ -0,0 +1,20 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----