From 0a269a87b1da7f193a2734711f875b6ff0efdfd3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nicolas=20Mass=C3=A9?=
Date: Fri, 23 Sep 2022 10:39:44 +0200
Subject: [PATCH] k8s manifests
---
k8s/buildconfig.yaml | 0
k8s/imagestream.yaml | 5 +++++
k8s/pipeline.yaml | 8 --------
k8s/task-buildah.yaml | 15 +++++++++++++--
k8s/task-git-clone.yaml | 3 ---
5 files changed, 18 insertions(+), 13 deletions(-)
create mode 100644 k8s/buildconfig.yaml
create mode 100644 k8s/imagestream.yaml
diff --git a/k8s/buildconfig.yaml b/k8s/buildconfig.yaml
new file mode 100644
index 0000000..e69de29
diff --git a/k8s/imagestream.yaml b/k8s/imagestream.yaml
new file mode 100644
index 0000000..0254666
--- /dev/null
+++ b/k8s/imagestream.yaml
@@ -0,0 +1,5 @@
+kind: ImageStream
+apiVersion: image.openshift.io/v1
+metadata:
+ name: function
+spec:
\ No newline at end of file
diff --git a/k8s/pipeline.yaml b/k8s/pipeline.yaml
index ee51663..9890065 100644
--- a/k8s/pipeline.yaml
+++ b/k8s/pipeline.yaml
@@ -6,11 +6,6 @@ spec: workspaces: - name: scratch params: - - name: buildahPlatforms - type: array - default: - - linux/x86_64 - - linux/arm64/v8 - name: gitRepositoryURL type: string - name: outputContainerImage
@@ -38,9 +33,6 @@ spec: value: latest - name: outputContainerImage value: "$(params.outputContainerImage)" - - name: buildahPlatforms - value: - - "$(params.buildahPlatforms[*])" workspaces: - name: src workspace: scratch
diff --git a/k8s/task-buildah.yaml b/k8s/task-buildah.yaml
index 395d0fa..a63b7f8 100644
--- a/k8s/task-buildah.yaml
+++ b/k8s/task-buildah.yaml
@@ -8,6 +8,9 @@ spec: type: string - name: outputContainerImage type: string + results: + - name: imageDigest + description: The digest of the built image manifest workspaces: - name: src mountPath: /src
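Review bot: In k8s/imagestream.yaml the trailing `spec:` carries no value, so a YAML parser reads it as null rather than an empty mapping, and the file ends without a final newline. Write `spec: {}` (or drop the key until there is something to put under it) and terminate the file with a newline so that what the API server receives is unambiguous.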
@@ -18,6 +21,8 @@ spec: image: quay.io/containers/buildah:$(params.buildahVersion) workingDir: /src env: + - name: RESULT_IMAGE_DIGEST + value: "$(results.imageDigest.path)" - name: TARGET_IMAGE value: "$(params.outputContainerImage)" securityContext:
@@ -32,7 +37,7 @@ spec: function build () { echo "=========================================================" - echo " buildah build $TARGET_IMAGE + echo " buildah build $TARGET_IMAGE" echo "=========================================================" echo
@@ -50,7 +55,13 @@ spec: echo " buildah push $1" echo "=========================================================" echo - buildah manifest push --storage-driver vfs --all tekton "docker://$1" + + # buildah requires a slight modification to the push secret provided by the service + # account to use it for pushing the image + cp /var/run/secrets/openshift.io/push/.dockercfg /tmp + echo "{ \"auths\": $(cat /var/run/secrets/openshift.io/push/.dockercfg) }" > /tmp/.dockercfg + + buildah manifest push --storage-driver vfs --all tekton "docker://$1" --digestfile "$RESULT_IMAGE_DIGEST" --tls-verify=false --authfile /tmp/.dockercfg echo }
diff --git a/k8s/task-git-clone.yaml b/k8s/task-git-clone.yaml
index 6b17769..73b1513 100644
--- a/k8s/task-git-clone.yaml
+++ b/k8s/task-git-clone.yaml
@@ -163,9 +163,6 @@ spec: value: $(workspaces.ssl-ca-directory.bound) - name: WORKSPACE_SSL_CA_DIRECTORY_PATH value: $(workspaces.ssl-ca-directory.path) - securityContext: - runAsNonRoot: true - runAsUser: 65532 script: | #!/usr/bin/env sh set -eu
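Review bot: `--tls-verify=false` on the new `buildah manifest push` line in k8s/task-buildah.yaml (hunk `@@ -50,7 +55,13 @@`) switches off certificate verification on the same connection that carries the credentials from `--authfile`, so the registry's identity is never checked before the push secret and the image are sent. Prefer trusting the registry's CA and dropping the flag, e.g. `--cert-dir <DIR_WITH_REGISTRY_CA>` (placeholder; the CA location is not shown in this diff). The `cp /var/run/secrets/openshift.io/push/.dockercfg /tmp` line is redundant because the following `echo ... > /tmp/.dockercfg` overwrites the same file. The rewritten credential file is also created with the default umask, so a `umask 077` before the write would keep it private to the step's user. The enclosing shell function begins outside this hunk.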